On October 25, parts of the production and administration of the automotive supplier Eberspaecher were paralyzed by a ransomware attack. As a result, the supply of German automobile manufacturers with components for exhaust, heating, and air conditioning technology is likely to be at risk, as the Wirtschaftswoche magazine reports.
However, the supply of components is currently still secured, manufacturers such as Audi, BMW, Mercedes-Benz, and VW told Wirtschaftswoche. However, one continues to monitor the situation very closely. According to the Wirtschaftswoche report, stocks usually only last one to two weeks, significantly more significant components.
Individual Eberspächer plants are said to have resumed emergency operations in the meantime, but delivery delays lasting months are expected. "With such a serious attack, companies threaten weeks of production disruptions, even under the best of circumstances," says Stefan Bratzel, director of the Center of Automotive Management in Bergisch Gladbach.
Expert expects delivery bottlenecks.
He reckons that it will take months before the automotive supplier can supply its customers normally again. "The cyberattack on Eberspächer means the next low blow for an industry that is already groaning from a lack of chips and raw materials in important components."
Although car manufacturers have concluded contracts with several suppliers for many vehicle components, this does not protect against delivery bottlenecks. A second manufacturer could not deliver double the amount of components straight away. "This means that due to the lack of parts, there is a risk of a production standstill in individual series, and car buyers will have to be prepared for additional waiting times," warns expert Bratzel.
Due to the lack of chips, the delivery times for some models are already between three months and a year. At the IAA automobile fair, VW supervisory board chairman Hans Dieter Pötsch stated that he expected the chip crisis to continue until mid-2022.
The BSI refused help.
However, Eberspächer is said to have turned down an offer of help from the Federal Office for Information Security (BSI) to cope with the attack. The BSI of Wirtschaftswoche confirmed a corresponding offer. The BSI "has a great interest in increasing cybersecurity in the economy," said a spokesman for the authority. The exchange with companies affected by IT security incidents is "also of particular importance for the most comprehensive possible picture of the situation."
IT security must be a priority for every company, stressed BSI President Arne Schönbohm. This could significantly reduce the severe effects of successful attacks. "Information security must therefore be understood as a permanent task and implemented in a structured manner in the company," emphasized Schönbohm.
Consistent network segmentation, the provision of functioning backups, well-thought-out patch management, and practiced emergency processes are the most critical protective measures.